Privacy, security and GDPR

Overview

The Privacy, security and GDPR page allows you to configure Ortto’s global security, privacy, and General Data Protection Regulation (GDPR) settings.

Accessing privacy, security and GDPR

To access the Privacy, security and GDPR page, go to Settings > Privacy, security and GDPR.

Managing privacy, security and GDPR

The privacy, security and GDPR page allows users to:

Saving changes

Click the Save button located at the bottom of the page to confirm and apply your changes.


App authentication

App authentication settings in Ortto allow you to control how users sign in to their accounts. The available options are:

  1. Any authentication method (Default): Users can log in using any globally configured authentication method.
  2. Google Single-Sign-On enforced: Forces all users to log in with their Google account.
  3. Microsoft Single-Sign-On enforced: Forces all users to log in with their Microsoft account.
    1. Learn more about Microsoft single-sign-on.
  4. Okta Single-Sign-On enforced (Limited availability): Forces all users to log in with their Okta account. Requires additional setup in Okta.
    1. This feature is available to Ortto customers on Enterprise plans.
    2. Learn more about setting up Okta single-sign-on for Ortto.

IMPORTANT: If you choose to configure Okta single sign-on for your Ortto account, this change cannot be reversed. Once enabled, you cannot switch back to using other authentication methods like Any authentication method or Google Single-Sign-On enforced.


Google reCAPTCHA

Integrate Google’s reCAPTCHA feature seamlessly into Ortto’s capture widgets on your business' websites by following these steps:

  1. Register your website/s on Google reCAPTCHA’s Admin console, selecting reCAPTCHA v2 and the appropriate options.
  2. After registration, visit Google reCAPTCHA’s Adding reCAPTCHA to your site page.
  3. Copy the Site key and Secret key provided.
  4. In your Ortto account, navigate to Settings > Privacy, security and GDPR > Google reCAPTCHA and paste the keys into the corresponding fields.

Completing these steps enables Google reCAPTCHA on your Ortto capture widgets.

Example of a capture widget with reCAPTCHA.

NOTE: reCAPTCHA has different levels of verification depending on the risk detected. It typically starts with the checkbox but can escalate to image challenges if it suspects the user might be a bot.


Two-step authentication (2FA)

Two-step authentication (2FA) enhances the security of your Ortto account by requiring users to verify their identity with a second factor during login. The available options are:

  1. Optional (Default): Users can sign in with or without using two-factor verification.
  2. Required: Users must use two-factor verification to sign in. Each user can configure this in their Profile settings.

NOTE:

  • If 2FA is required in Settings (Privacy, Security, and GDPR) but not set at the account level (in Profile settings), it will automatically be enabled for each user in their Profile settings.
  • If you sign in with a Google account, you may not need to use Ortto’s 2FA as Google's own two-step verification feature is used instead.
  • Using Okta single sign-on disables the 2FA option selection.

Tracking opt-in form

The Tracking opt-in form in Ortto allows you to control Ortto’s cookie-based tracking feature, ensuring compliance with the General Data Protection Regulation (GDPR).

  • GDPR applies to companies and entities within the EU that handle personal data, as well as those outside the EU handling data of EU residents.
  • To meet GDPR standards, Ortto provides a user-driven opt-in form that appears on your business' websites. This form enables users to consent to Ortto tracking their activities through cookies.

Enabling this feature helps ensure that Ortto's tracking practices align with GDPR requirements, providing transparency and user control over their personal data.


Policies, documents and GDPR addendum

Ortto’s GDPR Addendum for customers is available for download in this section.

Additionally, you can view other important documents such as:


Data hosting

Ortto hosts data according to your signup selection: United States (default), European Union, or Australia. This section displays the region you chose during signup.

IMPORTANT: Once the region is set, it cannot be changed.

If you use Ortto's API, the region where your data is hosted determines the specific API endpoint you should use.